PHP Account Activation Issues

I wrote a login system for my website. When the user registers, the system emails an activation link to the email address the user provided. The link contains two parameters, email and key. The email parameter has the user's email address and the key parameter has the registration code so that the registration can be verified and changed from pending to confirmed. The activation page is supposed to fetch the Status column from the row that has the email parameter set in the Email column. For some reason, the script decides that any link is valid, and attempts to update the status of the account whether it exists or not.

Here is my code:

<?php

$email = $_GET['email'];
if($email == "") {
  header("Location: http://www.zbrowntechnology.info/yard/register.php?message=Invalid Activation Link!");
  exit;
}
$key = $_GET['key'];
if($key == "") {
  header("Location: http://www.zbrowntechnology.info/yard/register.php?message=Invalid Activation Link!");
  exit;
}

$con = mysql_connect("HOST", "USER", "PASS") or die(mysql_error());
mysql_select_db("zach_yardad", $con) or die(mysql_error());
$query1 = "SELECT `Status` FROM Accounts WHERE `Email`='".mysql_real_escape_string($email)."' AND `Status`='".mysql_real_escape_string($key)."'";
$result1 = mysql_query($query1) or die(mysql_error());
if(mysql_num_rows($result1) <= 0) {
  header("Location: http://www.zbrowntechnology.info/yard/register.php?message=Invalid Activation Link!");
 exit;
} else {
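  // Escape $email here as well; the SELECT above escapes it but this query did not.
  $query = "UPDATE Accounts SET `Status`='Confirmed' WHERE `Email`='".mysql_real_escape_string($email)."'";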
  mysql_query($query) or die(mysql_error());
  header("Location: http://www.zbrowntechnology.info/yard/login.php?message=Registration Complete!");
  exit;
}

?>

Here is a valid activation link:

http://www.zbrowntechnology.info/yard/activate.php?email=zach@zbrowntechnology.com&key=2772190956485245

It will activate that account by following the link, but it will redirect to the login page after activation if the link is not valid.

EDIT:

Here is the result of the query DESCRIBE `Accounts`:

Field       Type          Null  Key  Default  Extra
First Name  varchar(65)   NO         NULL
Last Name   varchar(65)   NO         NULL
Email       varchar(100)  NO         NULL
Username    varchar(65)   NO         NULL
Password    varchar(65)   NO         NULL
Status      varchar(65)   NO         NULL

I noticed that you are selecting status, to check to see if it's confirmed or not.

Your Status field is where confirmed / unconfirmed is stored, correct?

Shouldn't you be checking for Key?

In other words, instead of:

$query1 = "SELECT `Status` FROM Accounts WHERE `Email`='".mysql_real_escape_string($email)."' AND `Status`='".mysql_real_escape_string($key)."'";

Use:

$query1 = "SELECT `Status` FROM Accounts WHERE `Email`='".mysql_real_escape_string($email)."' AND `Key`='".mysql_real_escape_string($key)."'";

Replacing Key with the name of the field you store the KEY in, as this is what you are checking for with your $_GET request: email and key, not email and status.

Can you try changing your code to this:

$query1 = mysql_query("SELECT `Status` FROM `Accounts` WHERE `Email`='".mysql_real_escape_string($email)."' AND `Status`='".mysql_real_escape_string($key)."'");
 if(mysql_num_rows($query1) <= 0) {

This should work.

If that doesn't work, try this:

$query1 = mysql_query("SELECT `Status` FROM `Accounts` WHERE `Email`='".mysql_real_escape_string($email)."' AND `Status`='".mysql_real_escape_string($key)."'", $con);
     if(mysql_num_rows($query1) <= 0) {

====Full Code====

<?php
if($_GET['email'] == "") {
header("Location: http://www.zbrowntechnology.info/yard/register.php?message=Invalid Activation Link!");
exit;
}

if($_GET['key'] == "") {
header("Location: http://www.zbrowntechnology.info/yard/register.php?message=Invalid Activation Link!");
exit;
}

// Connect first: mysql_real_escape_string() needs an open connection.
$con = mysql_connect('HOST', 'USER', 'PASS');
mysql_select_db('zach_yardad', $con) or die(mysql_error());

$email = mysql_real_escape_string($_GET['email'], $con);
$key = mysql_real_escape_string($_GET['key'], $con);

$query1 = mysql_query("SELECT `Status` FROM `Accounts` WHERE `Email` = '" . $email . "' AND `Status` = '" . $key ."'", $con);
if(mysql_num_rows($query1) <= 0) {
header("Location: http://www.zbrowntechnology.info/yard/register.php?message=Invalid Activation Link!");
exit();
} else {
mysql_query("UPDATE `Accounts` SET `Status`='Confirmed' WHERE `Email`='$email'", $con);
header("Location: http://www.zbrowntechnology.info/yard/login.php?message=Registration Complete!");
exit();
}
?>

The first thing I notice is that in your MySQL query you are using the Status column as a WHERE field.

$query1 = "SELECT `Status` FROM Accounts WHERE `Email`='".mysql_real_escape_string($email)."' AND `Status`='".mysql_real_escape_string($key)."'";

From the way you wrote your code it seems like it should be:

$query1 = "SELECT `Status` FROM Accounts WHERE `Email`='".mysql_real_escape_string($email)."' AND `Key`='".mysql_real_escape_string($key)."'";

To debug the code, how about you comment out the header and exit commands and then just after you define $query1, do a

print $query1;

Re-try the page and this will help you see what you are passing to MySQL.

UPDATE:

Reading your recent input, I think this might work for you:

if(mysql_num_rows($result1) > 0) {
  // Escape $email here as well before it goes into the query string.
  $query = "UPDATE Accounts SET `Status`='Confirmed' WHERE `Email`='".mysql_real_escape_string($email)."'";
  mysql_query($query) or die(mysql_error());
  header("Location: http://www.zbrowntechnology.info/yard/login.php?message=Registration Complete!");
  exit;

} else {
  header("Location: http://www.zbrowntechnology.info/yard/register.php?message=Invalid Activation Link!");
 exit;
}
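
An added example, not code from the question or from any of the answers above: the activation check written as one parameterized, atomic UPDATE, so the script can only report success when a matching pending row was actually changed. It keeps the schema from the DESCRIBE output (Status holds the registration code until it becomes 'Confirmed'); the in-memory SQLite table, the `activate()` helper, the `example.test` addresses and the digits-only key format are assumptions made for illustration.

```php
<?php
// Added example: activation as one parameterized, atomic UPDATE.
// Runs offline against an in-memory SQLite table holding constructed rows.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Accounts (Email TEXT PRIMARY KEY, Status TEXT NOT NULL)');
$pdo->exec("INSERT INTO Accounts VALUES
    ('pending@example.test',   '1234567890123456'),
    ('confirmed@example.test', 'Confirmed')");   // constructed sample rows

// Hypothetical helper: returns true only if this call activated the account.
function activate(PDO $pdo, $email, $key): bool
{
    // Reject missing, array-valued (?key[]=x) or non-numeric input up front.
    // Assumption: registration codes are digit strings, as in the sample link.
    if (!is_string($email) || !is_string($key) || $email === '' || !ctype_digit($key)) {
        return false;
    }
    // Lookup and state change in one statement: the row is updated only if
    // the email exists AND its Status still equals the submitted code.
    $stmt = $pdo->prepare(
        "UPDATE Accounts SET Status = 'Confirmed' WHERE Email = :email AND Status = :key"
    );
    $stmt->execute([':email' => $email, ':key' => $key]);
    // rowCount() is the number of rows changed: 1 = activated, 0 = invalid link.
    return $stmt->rowCount() === 1;
}

// Constructed requests standing in for $_GET['email'] and $_GET['key'].
$cases = [
    ['pending@example.test',   '1234567890123456'], // valid link
    ['pending@example.test',   '1234567890123456'], // same link used again
    ['confirmed@example.test', 'Confirmed'],        // status value sent as key
    ['nobody@example.test',    '1234567890123456'], // account does not exist
    ["o'brien@example.test",   '1234567890123456'], // quote character in email
];
foreach ($cases as [$email, $key]) {
    $ok = activate($pdo, $email, $key);
    $page = $ok ? 'login.php' : 'register.php';
    $msg = $ok ? 'Registration Complete!' : 'Invalid Activation Link!';
    // urlencode() keeps the redirect message a valid query string.
    echo "$email => $page?message=" . urlencode($msg) . "\n";
}
```

Only the first case reaches login.php; the other four fall through to register.php because no row was changed.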
